You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This causes intelmqsetup to take over the ownership of the root directory, what could open some security risk as well as break some system actions (e.g. systemd-tmpfiles)
The text was updated successfully, but these errors were encountered:
The tool intelmqsetup wants to change the owner ROOT_DIR path.
If instructed to install IntelMQ in LSB-style paths, it's set
to the '/' resulting in changing the owner of system root to
intelmq.
This case is rare to happen (requires explixitly set INTELMQ_PATHS_NO_OPT
variable and using PIP package or directly the source code,
as the native package doesn't contain intelmqsetup), but it's
still potentially dangerous and can cause the system degradation
(e.g. prevents systemd-tmpfiles from working correctly).
Fixes: certtools#2354
It should be noted that path == "lsb" is only true if the user explicitly sets INTELMQ_PATHS_NO_OPT, and only in installations from git/PyPI. Installations from packages are not affected, the affected code is not present there.
The tool intelmqsetup wants to change the owner ROOT_DIR path.
If instructed to install IntelMQ in LSB-style paths, it's set
to the '/' resulting in changing the owner of system root to
intelmq.
This case is rare to happen (requires explixitly set INTELMQ_PATHS_NO_OPT
variable and using PIP package or directly the source code,
as the native package doesn't contain intelmqsetup), but it's
still potentially dangerous and can cause the system degradation
(e.g. prevents systemd-tmpfiles from working correctly).
Fixes: certtools#2354
intelmqsetup
tries to fix ownership of related directories:intelmq/intelmq/bin/intelmqsetup.py
Lines 172 to 176 in 7674949
However, the
ROOT_DIR
can be set to/
:intelmq/intelmq/__init__.py
Lines 18 to 20 in 7674949
This causes
intelmqsetup
to take over the ownership of the root directory, what could open some security risk as well as break some system actions (e.g.systemd-tmpfiles
)The text was updated successfully, but these errors were encountered: